Kernel-level anticheat doesn't necessarily need to be on a fully closed platform; it could be implemented like SafetyNet on the Pixel series to check for system integrity but still allow for bootloader unlock and arbitrary user software.
It's still not desirable, because it artificially excludes the rest of computer users who run Linux.
Couldn't it be a simple reboot to switch back to normal Linux?
At what point do you have anything different than a console appliance?
Pixels and SafetyNet are different than a console appliance (e.g. Xbox, PlayStation) in that Google allows both unlocking and relocking the bootloader, without affecting the integrity of a Pixel's onboard cryptographic hardware and secure enclave. This means you can, for example:
1. Unlock the bootloader and install an alternative OS (e.g. Graphene).
2. Relock the bootloader and still benefit from the Pixel's hardware security.
The above is not possible on modern video game consoles, or other phones, for the most part. Hardware cryptography has historically been used to lock customers out of their own machines for the purposes of profit, but that doesn't mean it has to be.
In the threat environment as it exists today --- a world in which almost everyone has an always on, always networked computer which must continually reveal its location in order to interface with the global network --- something like the Pixel's design ought to be the minimum standard for a computer in your pocket. Sadly, the only other device on the market with similar hardware security features is the iPhone, and it's as locked down as a games console. Samsung's Knox is another secure hardware platform/architecture, but they burn out a fuse on their phones to disable it when you unlock the bootloader.